ACE: dropped conns due to header insert

Answered Question
Dec 2nd, 2007

My LB is dropping connections on port 443 when I have "insert-http source header-value "%is" configured. Other ports such as 80, or 8080 are working. The config is the same for all ports.


class-map match-any Service_VIP_Class

4 match virtual-address 1.1.1.1 tcp eq https


policy-map type loadbalance first-match Service_L7_Policy

class class-default

serverfarm Service_Serverfarm

insert-http source header-value "%is"

policy-map multi-match Service_LB_Policy

class Service_VIP_Class

loadbalance vip inservice

loadbalance policy Service_L7_Policy

loadbalance vip icmp-reply active

loadbalance vip advertise active


I see dropped conns on the service policy. When I remove the header insertion config, it connects ok.


Please help!

Correct Answer by Syed Iftekhar Ahmed about 9 years 2 months ago

There is no way any device (including ACE) can open an https packet to insert anything.


Only exception:

You offload ssl using server keys and certs.Then make changes to the decrypted packet.


Syed



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Syed Iftekhar Ahmed Sun, 12/02/2007 - 11:57

There is no way any device (including ACE) can open an https packet to insert anything.


Only exception:

You offload ssl using server keys and certs.Then make changes to the decrypted packet.


Syed



Actions

This Discussion